Does the LDAP synchronization process take groups into consideration so they can then be used to provide a domain with a more granular policy?

The test envrionment I am using at the back end is pretty simple - a single 2003 Server acting as a domain controller, approximately a dozen users and a small collection of groups (both security groups and distrubution groups).

Having set-up Account Management -> Configuration -> Directory Integration (using the EMail Domain logical structure) for the domain in question, the Test Settings option shows that SaaS is able to communicate with active directory.

I then go to Account Management -> Users and initiate a Sync.

Having now clarified that the sync process will automatically reject 'intermal' domain addresses, the number of reported "User Adds" is equivalent to the number of users I have in my active directory. But the Sync process seems to be oblivious of any groups. This is despite the fact that the group definitions (both distribution and security) are located at the same AD branch as the user records.

Retuning to the Directory Integration page, there doesn't appear to be anything in the configuration settings specific to groups.

So, should this process be able to import my AD groups and as it is not, what should I be looking at?

From my experience the Email Domain (Pull) method is fairly limited as to what information it can obtain and pull from Active Directory, being limited to User Accounts (specifically looking for the proxyAddresses attribute by default), so groups are not included.

The Directory Services Connector component of ePolicy Orchastrator, from my understanding, does publish this information to the SaaS Product.